From b1966cac5f1a51a9aeeb0954cb6646aa9694ccbc Mon Sep 17 00:00:00 2001 From: Juan Carlos Luciani Date: Wed, 31 May 2006 15:24:01 +0000 Subject: [PATCH] Changes accomplish the following: - Allow for binary identity attributes. - Simplify configuration of the svc. --- auth_token/server/AuthTokenSvc/Makefile.am | 5 +- .../server/AuthTokenSvc/authtoken.settings | 4 + .../server/AuthTokenSvc/identoken.settings | 6 + .../casa/authtoksvc/AuthTokenConfig.java | 2 +- .../novell/casa/authtoksvc/Authenticate.java | 2 - .../casa/authtoksvc/CasaIdentityToken.java | 130 ++++++++++-------- .../com/novell/casa/authtoksvc/SvcConfig.java | 4 +- auth_token/server/AuthTokenSvc/svc.settings | 6 + .../com/novell/casa/authtoksvc => }/web.xml | 1 + 9 files changed, 99 insertions(+), 61 deletions(-) create mode 100644 auth_token/server/AuthTokenSvc/authtoken.settings create mode 100644 auth_token/server/AuthTokenSvc/identoken.settings create mode 100644 auth_token/server/AuthTokenSvc/svc.settings rename auth_token/server/AuthTokenSvc/{src/com/novell/casa/authtoksvc => }/web.xml (93%) diff --git a/auth_token/server/AuthTokenSvc/Makefile.am b/auth_token/server/AuthTokenSvc/Makefile.am index 8d90128d..a54ad79a 100644 --- a/auth_token/server/AuthTokenSvc/Makefile.am +++ b/auth_token/server/AuthTokenSvc/Makefile.am 
@@ -96,7 +96,10 @@ $(BUILDDIR)/%.class: %.java $(BUILDDIR)/$(WEBAPP): $(BUILDDIR) $(CLASSES) @echo [======== Creating Webapp $@ ========] - cp src/com/novell/casa/authtoksvc/web.xml $(BUILDDIR)/webapp/WEB-INF/web.xml + cp web.xml $(BUILDDIR)/webapp/WEB-INF/web.xml + cp svc.settings $(BUILDDIR)/webapp/WEB-INF/conf/svc.settings + cp authtoken.settings $(BUILDDIR)/webapp/WEB-INF/conf/authtoken.settings + cp identoken.settings $(BUILDDIR)/webapp/WEB-INF/conf/identoken.settings cp src/com/novell/casa/authtoksvc/Krb5_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/Krb5Authenticate/mechanism.settings cp src/com/novell/casa/authtoksvc/Pwd_mechanism.settings $(BUILDDIR)/webapp/WEB-INF/conf/installed_auth_mechanisms/PwdAuthenticate/mechanism.settings cp $(IDENT_ABSTRACTION_DIR)/*.jar $(BUILDDIR)/webapp/WEB-INF/lib/ diff --git a/auth_token/server/AuthTokenSvc/authtoken.settings b/auth_token/server/AuthTokenSvc/authtoken.settings new file mode 100644 index 00000000..4f10c209 --- /dev/null +++ b/auth_token/server/AuthTokenSvc/authtoken.settings @@ -0,0 +1,4 @@ + + +3600 + diff --git a/auth_token/server/AuthTokenSvc/identoken.settings b/auth_token/server/AuthTokenSvc/identoken.settings new file mode 100644 index 00000000..20209b9c --- /dev/null +++ b/auth_token/server/AuthTokenSvc/identoken.settings @@ -0,0 +1,6 @@ + + +false +sn + + diff --git a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/AuthTokenConfig.java b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/AuthTokenConfig.java index 29aa6fbe..066be707 100644 --- a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/AuthTokenConfig.java +++ b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/AuthTokenConfig.java 
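Review bot: The new `cp svc.settings $(BUILDDIR)/webapp/WEB-INF/conf/svc.settings` line installs the committed file straight into the deployable webapp, yet the svc.settings added by this commit still carries placeholder text (`Replace with path to the Identity Abstraction Realms Configuration File.`) for the realm configuration path and the search context. A webapp built from a clean tree therefore starts with those strings as live settings, and the mistake only surfaces when the directory context is first opened for a token request. Either ship the three files as templates that installation turns into real settings, or have SvcConfig refuse to load a value that still begins with `Replace with` so the service fails at startup instead of per request. The same consideration applies to the authtoken.settings and identoken.settings copies added in this hunk.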
@@ -46,7 +46,7 @@ public class AuthTokenConfig public final static String IdentityTokenType = "IdentityTokenType"; // Default configuration values - private String m_defaultTokenLifetimeValue = "360"; // Seconds + private String m_defaultTokenLifetimeValue = "3600"; // Seconds private String m_defaultLifetimeShorterValue = "5"; // Seconds private String m_defaultIdentityTokenTypeValue = "CasaIdentityToken"; diff --git a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/Authenticate.java b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/Authenticate.java index ef00cc0f..d2244fba 100644 --- a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/Authenticate.java +++ b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/Authenticate.java @@ -45,8 +45,6 @@ import java.net.URLClassLoader; */ public class Authenticate implements RpcMethod { - private static final String sessionTokenLifetime = "360"; // tbd - Obtain from configuration - private static final String m_mechanismSettingsFileName = "mechanism.settings"; private Map m_authMechanismMap; diff --git a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java index 9de40376..75996278 100644 --- a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java +++ b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/CasaIdentityToken.java @@ -121,7 +121,8 @@ public class CasaIdentityToken implements IdentityToken private final static int AWAITING_ATTRIBUTE_START = 18; private final static int AWAITING_ATTRIBUTE_END = 19; private final static int AWAITING_ATTRIBUTE_DATA = 20; - private final static int DONE_PARSING = 21; + private final static int AWAITING_BINARY_ATTRIBUTE_DATA = 21; + private final static int DONE_PARSING = 22; private CasaIdentityToken m_casaIdentToken; private int m_state; 
@@ -266,8 +267,19 @@ public class CasaIdentityToken implements IdentityToken // Save the element name as the current attribute m_currAttribute = qName; - // Advance to the next state - m_state = AWAITING_ATTRIBUTE_DATA; + // Advance to the next state based on the attribute type + String attrType = atts.getValue("type"); + if (attrType != null && attrType.equals("binary")) + { + // We are dealing with a binary attribute. We are going to + // assume that binary attributes are always base64 encoded. + m_state = AWAITING_BINARY_ATTRIBUTE_DATA; + } + else + { + // Assume we are dealing with an attribute of type string + m_state = AWAITING_ATTRIBUTE_DATA; + } break; default: @@ -459,7 +471,6 @@ public class CasaIdentityToken implements IdentityToken { // tbd - Decrypt the attribute key and value with the private key of the service // using the configured mechanism. - m_casaIdentToken.m_attributes.put(m_currAttribute, new String(ch, start, length)); } else { @@ -470,6 +481,30 @@ public class CasaIdentityToken implements IdentityToken m_state = AWAITING_ATTRIBUTE_END; break; + case AWAITING_BINARY_ATTRIBUTE_DATA: + // Consume the data + // + // Decrypt the attribute data if necessary + if (m_encryptedAttrs) + { + // tbd - Decrypt the attribute key and value with the private key of the service + // using the configured mechanism. + } + else + { + // The data is base64 encoded + System.err.println("CasaIdentityToken SAXHandler.characters()- encodedChars = " + length); + char[] encodedChars = new char[length]; + System.arraycopy(ch, start, encodedChars, 0, length); + System.err.println("CasaIdentityToken SAXHandler.characters()- encodedChars copied to new array"); + m_casaIdentToken.m_attributes.put(m_currAttribute, Base64Coder.decode(encodedChars)); + System.err.println("CasaIdentityToken SAXHandler.characters()- encodedChars decoded"); + } + + // Advance to the next state + m_state = AWAITING_ATTRIBUTE_END; + break; + default: // Do nothing break; 
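Review bot: The new `type` check in startElement never reads the `encoding` attribute, although initialize() in this same commit writes `type="binary" encoding="base64"` on the element it generates; the base64 assumption lives only in the comment. Checking it keeps generator and parser in step and turns an unexpected encoding into an explicit parse failure rather than garbled attribute bytes: inside the binary branch, `String enc = atts.getValue("encoding"); if (!"base64".equals(enc)) throw new SAXException("unsupported attribute encoding: " + enc);` (assuming startElement declares `throws SAXException` as SAX handlers usually do; its signature is outside the hunk). The enclosing startElement method starts and ends outside the hunk.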
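Review bot: The `AWAITING_BINARY_ATTRIBUTE_DATA` case decodes whatever one characters() call hands it and then moves to `AWAITING_ATTRIBUTE_END`, but a SAX parser may deliver a single text node in several characters() calls, so a long base64 value is decoded from its first chunk only and the remaining chunks fall into the `default` branch and are dropped; a chunk cut at a length that is not a multiple of four is also not valid base64 on its own. The robust shape is to accumulate the characters in a StringBuilder field (reset when the attribute element starts) and decode once in endElement, which should then handle this state the same way it handles `AWAITING_ATTRIBUTE_END`; the rewritten case is below. The three `System.err.println` lines added here read as leftover debugging — `encodedChars copied to new array` tells an operator nothing — and should be removed or placed behind a debug setting. What Base64Coder.decode does on malformed input is not visible in this hunk; if it throws an unchecked exception the token parse fails, which is the right outcome for a malformed token but should be confirmed. The enclosing characters method and its endElement counterpart are outside the hunk.
```java
case AWAITING_BINARY_ATTRIBUTE_DATA:
   // characters() may deliver one text node in several pieces, so only
   // collect here; endElement decodes the whole buffer for m_currAttribute.
   if (m_encryptedAttrs)
   {
      // … unchanged: tbd decrypt comment …
   }
   else
   {
      m_binaryAttrData.append(ch, start, length);   // new StringBuilder field, reset in startElement
   }
   break;
```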
@@ -480,7 +515,7 @@ public class CasaIdentityToken implements IdentityToken /* * Constructor. */ - public CasaIdentityToken(IdenTokenConfig idenTokenConfig) + public CasaIdentityToken (IdenTokenConfig idenTokenConfig) { // Initialize our members m_token = null; @@ -491,7 +526,7 @@ public class CasaIdentityToken implements IdentityToken /* * Constructor. */ - public CasaIdentityToken() + public CasaIdentityToken () { // Initialize our members m_token = null; @@ -502,11 +537,11 @@ public class CasaIdentityToken implements IdentityToken /* * Initialize with parameters. */ - public void initialize(String identityId, - String sourceName, - String targetService, - String targetHost, - SvcConfig svcConfig) throws Exception + public void initialize (String identityId, + String sourceName, + String targetService, + String targetHost, + SvcConfig svcConfig) throws Exception { // Save input parameters m_identityId = identityId; @@ -517,12 +552,11 @@ public class CasaIdentityToken implements IdentityToken try { - // tbd - Read parameters from configuration and leverage Higgins. - // // Open a directory context and use it to read the identity attributes. Hashtable env = new Hashtable(); env.put(Context.INITIAL_CONTEXT_FACTORY, "org.bandit.ia.IAInitialCtxFactory"); env.put(IAContext.IA_REALM_CONFIG_LOCATION, svcConfig.getSetting(SvcConfig.IdentityAbstractionConfigFile)); + env.put("java.naming.ldap.attributes.binary", "guid"); env.put(IAContext.IA_REALM_SELECTOR, sourceName); DirContext ctx = new InitialDirContext(env); 
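Review bot: `env.put("java.naming.ldap.attributes.binary", "guid")` hard-codes the one attribute the LDAP provider will return as byte[]; any other binary-valued attribute in the identity source still comes back as a String and is then emitted through the plain-string branch of initialize(), where it is neither base64-encoded nor tagged `type="binary"`. Since this commit also introduces identoken.settings, the list belongs there (this JNDI property takes a space-separated list of attribute names) so a deployment can name its own binary attributes without a code change; whether org.bandit.ia.IAInitialCtxFactory forwards the property to the underlying LDAP provider is not visible here and should be verified. The literal also sits between two IA-specific entries with nothing saying why `guid` is singled out; a one-line `// Attributes the LDAP provider must return as byte[] rather than String` would help the next reader. The initialize method continues past both ends of the hunk.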
@@ -552,45 +586,31 @@ public class CasaIdentityToken implements IdentityToken NamingEnumeration enumeration = attr.getAll(); while (enumeration.hasMore()) { - String attrValue = null; - Object o = enumeration.next(); - if (o == null) - { - System.err.println("CasaIdentityToken.initialize()- null"); - } - if (o instanceof java.lang.String) - { - System.err.println("CasaIdentityToken.initialize()- Type string"); - attrValue = (String) o; - } - else if (o instanceof java.lang.Byte) - { - System.err.println("CasaIdentityToken.initialize()- Type byte[]"); - attrValue = ((byte[]) o).toString(); - } + Object attrValue = enumeration.next(); + m_attributes.put(attr.getID(), attrValue); + System.err.println("CasaIdentityToken.initialize()- Including attribute " + attr.getID()); - // Proceed if we were able to get the attribute value in String form - if (attrValue != null) + // Encrypt the attribute if necessary + if (encryptAttributes == true) { - m_attributes.put(attr.getID(), attrValue); - System.err.println("CasaIdentityToken.initialize()- Including attribute " + attr.getID() + " of value " + attrValue); - - // Encrypt the attribute if necessary - if (encryptAttributes == true) - { - // tbd - Encrypt the attributes using the services public key, let the mechanism - // be configurable. The services certificate should be Base64 encoded as a setting - // of the identoken.settings file. - sb.append("<" + attr.getID() + ">" + attrValue + "" + "\r\n"); - } - else - { - sb.append("<" + attr.getID() + ">" + attrValue + "" + "\r\n"); - } + // tbd - Encrypt the attributes using the services public key, let the mechanism + // be configurable. The service's certificate should be Base64 encoded as a setting + // of the identoken.settings file. 
} else { - System.err.println("CasaIdentityToken.initialize()- Unrecognized object type for attribute " + attr.getID()); + // Proceed based on the attribute value type + if (attrValue instanceof byte[]) + { + // The attribute value is of type byte[], we need to encode it. + sb.append("<" + attr.getID() + " type=\"binary\" encoding=\"base64\">" + new String(Base64Coder.encode((byte[]) attrValue)) + "" + "\r\n"); + System.err.println("Attribute " + attr.getID() + "included as " + new String(Base64Coder.encode((byte[]) attrValue))); + } + else + { + // Assume the attribute value is of type String + sb.append("<" + attr.getID() + ">" + (String) attrValue + "" + "\r\n"); + } } } } @@ -647,7 +667,7 @@ public class CasaIdentityToken implements IdentityToken * IMPORTANT: The token string can not contain the substring "]]>" * within it. */ - public String getEncodedToken() throws Exception + public String getEncodedToken () throws Exception { if (m_token != null) { @@ -663,7 +683,7 @@ public class CasaIdentityToken implements IdentityToken /* * Returns a string containing our type of identity token provider. */ - public String getProviderType() throws Exception + public String getProviderType () throws Exception { // tbd - Change to a GUID return "CasaIdentityToken"; @@ -672,7 +692,7 @@ public class CasaIdentityToken implements IdentityToken /* * Returns a string containing the identity id. */ - public String getIdentityId() throws Exception + public String getIdentityId () throws Exception { if (m_identityId != null) return m_identityId; @@ -687,7 +707,7 @@ public class CasaIdentityToken implements IdentityToken * Returns a string containing the name associated with the * identity source. */ - public String getSourceName() throws Exception + public String getSourceName () throws Exception { if (m_sourceName != null) return m_sourceName; 
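Review bot: The binary branch writes the full base64 value of each attribute to stderr (`System.err.println("Attribute " + attr.getID() + "included as " + ...)`), which puts identity data such as `guid` into the server log on every token issued; the string branch just above was changed in this very hunk to log only the attribute name, and the binary branch should match it: `System.err.println("CasaIdentityToken.initialize()- Including binary attribute " + attr.getID());`. The `encryptAttributes == true` branch now appends nothing to `sb`, so with encryption configured the token is issued with no attributes and nobody is told; until encryption exists it is better to throw than to hand out a silently degraded token. `(String) attrValue` raises ClassCastException for any value that is neither byte[] nor String, so one unexpected attribute type fails the whole token, and string values are still concatenated into the element unescaped, so a value containing `<` or `&` yields a token the service's own SAX parser will reject. Base64Coder.encode is also computed twice per attribute. The surrounding try block and attribute loop begin before the hunk.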
@@ -702,7 +722,7 @@ public class CasaIdentityToken implements IdentityToken * Returns a string containing the url associated with the * identity source. */ - public String getSourceUrl() throws Exception + public String getSourceUrl () throws Exception { if (m_sourceUrl != null) return m_sourceUrl; @@ -716,7 +736,7 @@ public class CasaIdentityToken implements IdentityToken /* * Returns a string containing the name of the targeted service. */ - public String getTargetService() throws Exception + public String getTargetService () throws Exception { if (m_service != null) return m_service; @@ -731,7 +751,7 @@ public class CasaIdentityToken implements IdentityToken * Returns a string containig the name of the host where the * targeted service resides. */ - public String getTargetHost() throws Exception + public String getTargetHost () throws Exception { if (m_host != null) return m_host; @@ -745,7 +765,7 @@ public class CasaIdentityToken implements IdentityToken /* * Returns the attributes of the identity. */ - public javax.naming.directory.Attributes getAttributes() throws Exception + public javax.naming.directory.Attributes getAttributes () throws Exception { if (m_attributes != null) return m_attributes; diff --git a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/SvcConfig.java b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/SvcConfig.java index 5e2ad335..39630987 100644 --- a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/SvcConfig.java +++ b/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/SvcConfig.java 
@@ -54,8 +54,8 @@ public class SvcConfig public final static String AppRootPath = "AppRootPath"; // Default configuration values - private String m_defaultSessionTokenLifetimeValue = "360"; // Seconds - private String m_defaultLifetimeShorterValue = "5"; // Seconds + private String m_defaultSessionTokenLifetimeValue = "43200"; // Seconds + private String m_defaultLifetimeShorterValue = "5"; // Seconds private static final String m_svcSettingsFileName = "svc.settings"; private Map m_svcSettingsMap; diff --git a/auth_token/server/AuthTokenSvc/svc.settings b/auth_token/server/AuthTokenSvc/svc.settings new file mode 100644 index 00000000..c58c30fa --- /dev/null +++ b/auth_token/server/AuthTokenSvc/svc.settings @@ -0,0 +1,6 @@ + + +Replace with path to the Identity Abstraction Realms Configuration File. +Replace with the Context from where to start searches, do not specify to start at the root. +43200 + diff --git a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/web.xml b/auth_token/server/AuthTokenSvc/web.xml similarity index 93% rename from auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/web.xml rename to auth_token/server/AuthTokenSvc/web.xml index cf655ee5..9cefa768 100644 --- a/auth_token/server/AuthTokenSvc/src/com/novell/casa/authtoksvc/web.xml +++ b/auth_token/server/AuthTokenSvc/web.xml @@ -4,6 +4,7 @@ CasaAuthTokenSvc + The CasaAuthTokenSvc provides authentication tokens. Rpc
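Review bot: `m_defaultSessionTokenLifetimeValue` moves from 360 to 43200 seconds with no comment explaining the choice; twelve hours is the default validity of a session token that any holder can present, so the trade-off (fewer re-authentications against a longer replay window if a token is captured) deserves a line next to the value, e.g. `// 12 hours; keep in sync with svc.settings`. The new svc.settings carries the same 43200 and AuthTokenConfig's identity token default goes to 3600 in the same commit, so the code defaults and the settings files now agree, but nothing ties them together and a reader has to check four places to confirm it. The whitespace-only change to `m_defaultLifetimeShorterValue` is fine.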